Download - 18a.security GSM & CDMA

8/10/2019 18a.security GSM & CDMA

1/18

Security and Encryption in GSM, GPRS, CDMA System

Security and Encryption in GSM, GPRS, CDMA System 2.

Compiled by AIGETOA Chennai ( www.aigetoachtd.org )


2/18


GSM S7B4I"C

2.1.1 Introduction [6]

$e security metods standardi9ed for te GSM System make it te most secure cellular telecommunications stand

urrently available! Altou# te confidentiality of a call and anonymity of te GSM subscriber is only #uaranteede radio cannel, tis is a ma%or step in acievin# end+to+ end security! $e subscribers anonymity is ensured tro

e use of temporary identification numbers! $e confidentiality of te communication itself on te radio lin

performed by te application of encryption al#oritms and fre"uency oppin# &ic could only be reali9ed u

di#ital systems and si#nalin#.

2.1.2 ;/er/ie# o! GSM Securit& Ser/ices [6]

Smartcard+based autentication of te user

Identification of te trou# &orld&ide uni"ue name IMSI

Al#oritm A for autentication is not public, Confidentiality on te radio link;

Al#oritms; up to J AH variants

uni"ue, permanent subscriber key -i and dynamically #enerated communication keys

Anonymity;

use of temporary identities

2.1.3GSM Securit& 4euire'ents [+]

2.1.3.18et#or$ pro/iderDs /ie#

correct 3illin#; autenticity of te user

no misuse of te service, correct billin# of content+usa#e

efficiency; no more band&idt needed for security, no lon# delays (user acceptance), c

efficient

2.1.3.2BserDs /ie#

confidentiality of communication (voice and data)

privacy, no profiles of te movements of te users

Security and Encryption in GSM, GPRS, CDMA System 22



3/18


connection &it autentic base station

correct billin#

2.1.3.3ontent pro/iderDs /ie#

correct billin#

2.1.% Arcitecture securit& !or GSM [+]

$e security aspects of GSM are detailed in GSM Recommendations WSecurity Aspects, WSubscriber Identity Modu

security Related


4/18


distributed amon# te autentication centre (A=C), te ome location re#ister (B@R) and te visitor location re#

@R)!

$e A=C is responsible for #eneratin# te sets of RA


5/18


2.1.5.1 Subscriber identit& con!identia0it&

$is feature is implemented by means of $emporary Mobile Subscriber Identities

$MSI)! $ese $MSI are local numbers and ave si#nificance only in a #iven

ocation area (@A)! $e $MSI must be accompanied by @ocation Area Identifier

@AI) to avoid ambi#uities! Some of te re"uirements on te $MSI are ;

$e ne& $MSI must be allocated at least in eac location update procedure!

$is location updatin# &enever te mobile moves to a ne& location area (@A)

Lenever a ne& $MSI is allocated to a MS, it is transmitted to te MS in

A cipered mode! $e MS sould store te $MSI in a non+volatile memory

$o#eter &it te @A so tat tese data are not lost &enever te mobile is

S&itced off!

2.1.5.2GSM subscriber?s autentication

Purpose;

$e autentication is used to identify te MS to te P@M< operator!

;peration

Autentication is performed by callen#e and response mecanism! -i in te

BP@M< is eld in te A=C ! A random callen#e (RA

Security and Encryption in GSM, GPRS, CDMA System 2H



6/18


Fig 2.2 user autentication

Fig 2.3 user autentication

2.1. con!identia0it& o! connection0ess data user in!or'ation and signa0ing in!or'ation

p&sica0 connections [+]

Security Re"uirements of Mobile communication

Autentication of MS or Subscriber

Autentication of @RZB@R

Confidentiality of Data bet&een MS and @R

Confidentiality of Data bet&een @R and B@R

Re"uirements 4or End user privacy

Security for call setup information

Security for speec

Privacy of Data

Privacy of user+location

2.1.6 Pri/ac& o! user *I [6]

All mobile communication system use some sort of a user+ID to identity its

Subscriber! $is subscriber indentication (or te user+ID ) must be protect

ed from ackers! $ransmission of tis information (tat too! In clear) eiter

over te air+interface , or over te net&ork must be avoided as far as possible

2.1. support o! roa'ing [6]

Most mobile communications systems support roamin# of users, &erein te

=ser is provided service even if e move into a re#ion andled by a deferentService provider or a deferent net&ork of te same service provider! $us ,

$ere is re"uirement in te net&ork for autenticatin# mobile user &o roam

nto its area! $e main problem ere is tat te subscriber related information

$at is useful for autentication is present only in te ome net&ork of te

user end and is #enerally not accessible by te visited (or servin#) net&ork!




7/18


$us, tere must be a metod by &ic a subset of andset credentials is supp+

lied to te servin# net&ork tat is enou# to autenticate te user! A complete

disclosure of andset credentials may result in a security compromise!

2.1.+ GSM securit& #ea$nesses [+]

Active attacks usin# false 3$S are possible! $is because te mobile dose not ceck te autenticity of te 3$S &

stablisin# a connection! It simply responds to te callen#e posed to it!

$e ciper keys and te autentication data are transmitted in clear bet&een and &itin


8/18


Services tat demand a i# level of security could be financial transactions transfer of medical information

'can#e of personal e+mail messa#es! In te ne't t&o subcapters &e ave e'plained &ic part in te GPRS sys

&e are focusin# on and te test &e did in te Ericsson ASa lab environment!

2.2.2 Arciture Securit& For GP4S []

from te fi# tere are five main areas &ere security in te GPRS system is e'posed !te five areas are ;

+security aspect relate to te mobile pone and te SIM card !

2+security mecanics bet&een te MS and SGS

+$e P@M


9/18


on!identia0it& $e property of information tat as not been disclosed to unautori9ed parties! Confidentiality

raditionally been seen as te most formidable treat in te communications system! $o provide confidenti

ncryption is used!

ntegrit& te property of information tat as not been can#ed by autori9ed parties Inte#rity is normally associ

&it error correction and retransmission tecni"ues to ensure tat data are not corrupted! Crypto#rapically ceck

s a tecni"ue to ensure tat data is not &illfully modified!

Autentication $e provision of assurance of te claimed identity of an entity! Autentication is reference to te

dentity verification! Callen#e+ Response is a common autentication mecanism tat active callen#e te use

laim tat e is te ri#t person, so te user as to #ive tat ri#t response!

Access contro0 $e prevention of unautori9ed use of a resource, includin# te prevention of a resource in

unautori9ed manner! Access control is to #ive access to services for autori9ed user and denyin# unautori9ed user

ame services!

enia0-o!-Ser/ice Lile access control is about denyin# te unautori9ed user access to te services, Denial

Service can be seen as a security service to ensure tat unautori9ed users are denied access to te services!

2.2.5. GP4S processes []

is section describes te flo&in# processes used in GPRS net&ork ;

Attac process

Process by &ic te MS attaces (i!e! connected)

$o te SGS< in te GPRS

Autentication prosess

Process by &ic te SGS< autentication te mobile subscriber!

Detac process

Process by &ic te MS detaces (i!e! disconnected ) from te SGS< in te GPRS net&ork.

2.2.5.1GP4S attac process

&en a mobile subscriber turns on teir andset , te flo&in# actions occur;

!a andset attac re"uest is sent to te ne& SGS< !

Security and Encryption in GSM, GPRS, CDMA System 2/



10/18


2!te ne& SGS< responds &it te identity of te andset! $e old SGS< responds &it identity of te andset!

!te ne& SGS< re"uests more informationA from MS !tis information is used to autentication te MS to te ne

SGS< !

?+$e autentication process continues to te B@R! $e B@R acts like a RADI=S server usin# a andset+l

autentication based on IMSI and similar to te CBAP autentication process in PPP!

H! A ceck of te e"uipment ID &it te EIR is initiated!

5! If te e"uipment ID is valid, te ne& SGS< sends a location updated to te B@R indicatin# te can#e of locatio

a ne& SGS

ubscribe data re"uest and oter information associated &it tis mobile system and notifies te ne& SGS< tat

update location as been performed!

J! $e ne& SGS< initiates a location update re"uest to te @R! $e @R acts like a pro'y RADI=S tat "ueries

ome B@R!

0! $e ne& SGS< sends te Attac Accept messa#e to te MS!

/! $e MS sends te Attac Complete messa#e to te ne& SGS

1! $e ne& SGS< notifies te ne& @R tat te relocation process is complete!

2.2.5.2GP4S autentication process

$e GPRS autentication process is very similar to te CBAP &it RADI=S server te autentication process foll

ese steps;

!$e SGS< sends te autentication information to te B@R ! te B@R sends information back to te SGS< base

e user profile tat &as part of te users initial setup!

2!$e SGS< sends a re"uest for autentication and ciperin# (used a random key to encrypt information ) to te M

e MS uses an al#oritm to send te user ID and pass&ord to te SGS

al#oritmand compares te result! If matc occur ! te SGS< autentications te user!




11/18


Fig 2.5 'ain GP4S procedures

2.2.5.3 detac process initiated b& MS

&en a mobile subscriber turns off teir andset ! te detac process initiates ! te detac process is described belo&

!te MS sends detac re"uest to te SGS

Download - 18a.security GSM & CDMA

Top Related